Delete url echo

.github/workflows/Procedure_push_docker_images.yml

@@ -85,7 +85,6 @@ jobs:
         echo "* id: ${{ inputs.id }}"
         echo "* image_tag: ${{ inputs.image_tag }}"
         echo "* docker_reference: ${{ inputs.docker_reference }}"
-        echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
         echo "* revision: ${{ inputs.revision }}"
         echo "* dev: ${{ inputs.dev }}"
         echo "* dev reference: ${{ inputs.reference }}"

.gitignore

@@ -1,7 +1,13 @@
-single-node/config/wazuh_indexer_ssl_certs/*.pem
-single-node/config/wazuh_indexer_ssl_certs/*.key
-multi-node/config/wazuh_indexer_ssl_certs/*.pem
-multi-node/config/wazuh_indexer_ssl_certs/*.key
 *.log
 build-docker-images/packages_env.txt
-build-docker-images/packages_url.txt
+build-docker-images/packages_url.txt
+single-node/wazuh-certificates
+single-node/wazuh-certificates/*
+single-node/wazuh-certificates-tool.log
+single-node/config.yml
+single-node/wazuh-certs-tool.sh
+multi-node/wazuh-certificates
+multi-node/wazuh-certificates/*
+multi-node/wazuh-certificates-tool.log
+multi-node/config.yml
+multi-node/wazuh-certs-tool.sh

CHANGELOG.md

@@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
+- Configure deployment with environment variables ([#2081](https://github.com/wazuh/wazuh-puppet/issues/2081))
 - Modify Wazuh components install method ([#2058](https://github.com/wazuh/wazuh-puppet/issues/2058))
 - Image builder Workflow Rebuild ([#2054](https://github.com/wazuh/wazuh-puppet/issues/2054))
 - Wazuh server clean-up ([#2030](https://github.com/wazuh/wazuh-puppet/issues/2030))

build-docker-images/wazuh-dashboard/config/entrypoint.sh

@@ -26,6 +26,10 @@ echo $DASHBOARD_PASSWORD | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards
 
 opensearch_dashboards_vars=(
     opensearch.hosts
+    server.port
+    server.host
+    opensearch.username
+    opensearch.password
 )
 
 function runOpensearchDashboards {

build-docker-images/wazuh-indexer/config/entrypoint.sh

@@ -11,6 +11,7 @@
 # Export OpenSearch Home
 export OPENSEARCH_HOME=/usr/share/wazuh-indexer
 export OPENSEARCH_PATH_CONF=$OPENSEARCH_HOME/config
+export CONFIG_FILE=${OPENSEARCH_PATH_CONF}/opensearch.yml
 export PATH=$OPENSEARCH_HOME/bin:$PATH
 
 
@@ -62,8 +63,39 @@ function runOpensearch {
 
 }
 
+function configureOpensearch {
+# Update opensearch.yml with NODES_DN if set
+if [ -n "$NODES_DN" ]; then
+
+  CLEAN_NODES_DN=$(echo "$NODES_DN" | sed 's/^["'\'']//; s/["'\'']$//; s/""/"/g')
+  NODES_DN_YAML=$(echo $CLEAN_NODES_DN | tr ';' '\n' | sed 's/^/- "/; s/$/"/')
+
+  awk '
+    /^plugins\.security\.nodes_dn:/ {in_block=1; print; next}
+    in_block && /^[^#[:space:]-]/ {in_block=0}
+    !in_block || /^plugins\.security\.nodes_dn:/ {next}
+    {print}
+  ' "$CONFIG_FILE" > "${CONFIG_FILE}.tmp"
+
+  awk -v repl="$NODES_DN_YAML" '
+    /^plugins\.security\.nodes_dn:/ {
+      print "plugins.security.nodes_dn:";
+      print repl;
+      skip=1; next
+    }
+    skip && /^[^#[:space:]-]/ {skip=0}
+    !skip
+  ' "${CONFIG_FILE}" > "${CONFIG_FILE}.new"
+  mv "${CONFIG_FILE}.new" "$CONFIG_FILE"
+  rm -f "${CONFIG_FILE}.tmp"
+fi
+}
+
 # Prepend "opensearch" command if no argument was provided or if the first
 # argument looks like a flag (i.e. starts with a dash).
+
+configureOpensearch
+
 if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
     set -- opensearch "$@"
 fi

build-docker-images/wazuh-manager/config/config.sh

@@ -4,7 +4,7 @@
 # Variables for certificate generation
 CERT_TOOL="wazuh-certs-tool.sh"
 CERT_CONFIG_FILE="config.yml"
-CERT_DIR=/var/ossec/etc/certs/
+CERT_DIR=/etc/filebeat/certs
 download_package() {
     local url=$1
     local package=$2
@@ -16,6 +16,7 @@ download_package() {
         return 1
     fi
 }
+mkdir -p $CERT_DIR
 # Download the tool to create the certificates
 echo "Downloading the tool to create the certificates..."
 download_package "$wazuh_cert_tool" $CERT_TOOL

build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init

@@ -204,6 +204,11 @@ sed -i "/<cluster>/,/<\/cluster>/ s|<node_type>.*</node_type>|<node_type>$WAZUH_
 # --------------------------
 sed -i "/<cluster>/,/<\/cluster>/ s|<key>.*</key>|<key>$WAZUH_CLUSTER_KEY</key>|" "$OSSEC_CONF"
 
+# --------------------------
+# Cluster: bind_addr
+# --------------------------
+sed -i "/<cluster>/,/<\/cluster>/ s|<bind_addr>.*</bind_addr>|<bind_addr>$WAZUH_CLUSTER_BIND_ADDR</bind_addr>|" "$OSSEC_CONF"
+
 # --------------------------
 # Cluster: nodes list
 # --------------------------

multi-node/README.md

@@ -6,11 +6,47 @@ This deployment is defined in the `docker-compose.yml` file with two Wazuh manag
 ```
 $ sysctl -w vm.max_map_count=262144
 ```
-2) Run the certificate creation script:
+
+2) Download the certificate creation script and config.yml file:
 ```
-$ docker compose -f generate-indexer-certs.yml run --rm generator
+$ curl -sO https://packages.wazuh.com/5.0/wazuh-certs-tool.sh
+$ curl -sO https://packages.wazuh.com/5.0/config.yml
 ```
-3) Start the environment with docker compose:
+
+3) Edit the config.yml file with the configuration of the Wazuh components to be deployed
+```
+nodes:
+  # Wazuh indexer server nodes
+  indexer:
+    - name: wazuh1.indexer
+      ip: wazuh1.indexer
+    - name: wazuh2.indexer
+      ip: wazuh2.indexer
+    - name: wazuh3.indexer
+      ip: wazuh3.indexer
+
+  # Wazuh server nodes
+  # Use node_type only with more than one Wazuh manager
+  server:
+    - name: wazuh.master
+      ip: wazuh.master
+      node_type: master
+    - name: wazuh.worker
+      ip: wazuh.worker
+      node_type: worker
+
+  # Wazuh dashboard node
+  dashboard:
+    - name: wazuh.dashboard
+      ip: wazuh.dashboard
+```
+
+4) Run the certificate creation script:
+```
+bash ./wazuh-certs-tool.sh -A
+```
+
+5) Start the environment with docker compose:
 
 - In the foregroud:
 ```

multi-node/config/certs.yml

@@ -1,24 +0,0 @@
-nodes:
-  # Wazuh indexer server nodes
-  indexer:
-    - name: wazuh1.indexer
-      ip: wazuh1.indexer
-    - name: wazuh2.indexer
-      ip: wazuh2.indexer
-    - name: wazuh3.indexer
-      ip: wazuh3.indexer
-
-  # Wazuh server nodes
-  # Use node_type only with more than one Wazuh manager
-  server:
-    - name: wazuh.master
-      ip: wazuh.master
-      node_type: master
-    - name: wazuh.worker
-      ip: wazuh.worker
-      node_type: worker
-
-  # Wazuh dashboard node
-  dashboard:
-    - name: wazuh.dashboard
-      ip: wazuh.dashboard

multi-node/config/wazuh_cluster/wazuh_manager.conf

@@ -1,290 +0,0 @@
-<ossec_config>
-  <global>
-    <agents_disconnection_time>15m</agents_disconnection_time>
-    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
-    <update_check>yes</update_check>
-  </global>
-
-  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
-  <logging>
-    <log_format>plain</log_format>
-  </logging>
-
-  <remote>
-    <connection>secure</connection>
-    <port>1514</port>
-    <protocol>tcp</protocol>
-    <queue_size>131072</queue_size>
-  </remote>
-
-  <!-- Policy monitoring -->
-  <rootcheck>
-    <disabled>no</disabled>
-    <check_dev>yes</check_dev>
-    <check_sys>yes</check_sys>
-    <check_pids>yes</check_pids>
-    <check_ports>yes</check_ports>
-    <check_if>yes</check_if>
-
-    <!-- Frequency that rootcheck is executed - every 12 hours -->
-    <frequency>43200</frequency>
-
-    <skip_nfs>yes</skip_nfs>
-
-    <ignore>/var/lib/containerd</ignore>
-    <ignore>/var/lib/docker/overlay2</ignore>
-  </rootcheck>
-
-  <!-- System inventory -->
-  <wodle name="syscollector">
-    <disabled>no</disabled>
-    <interval>1h</interval>
-    <scan_on_start>yes</scan_on_start>
-    <hardware>yes</hardware>
-    <os>yes</os>
-    <network>yes</network>
-    <packages>yes</packages>
-    <ports all="yes">yes</ports>
-    <processes>yes</processes>
-    <users>yes</users>
-    <groups>yes</groups>
-    <services>yes</services>
-    <browser_extensions>yes</browser_extensions>
-
-    <!-- Database synchronization settings -->
-    <synchronization>
-      <enabled>yes</enabled>
-      <interval>5m</interval>
-      <max_eps>10</max_eps>
-    </synchronization>
-  </wodle>
-
-  <sca>
-    <enabled>yes</enabled>
-    <scan_on_start>yes</scan_on_start>
-    <interval>12h</interval>
-
-    <!-- Database synchronization settings -->
-    <synchronization>
-      <enabled>yes</enabled>
-      <interval>5m</interval>
-      <max_eps>10</max_eps>
-    </synchronization>
-  </sca>
-
-  <vulnerability-detection>
-    <enabled>yes</enabled>
-    <index-status>yes</index-status>
-    <feed-update-interval>60m</feed-update-interval>
-  </vulnerability-detection>
-
-  <indexer>
-    <enabled>yes</enabled>
-    <hosts>
-      <host>https://wazuh1.indexer:9200</host>
-      <host>https://wazuh2.indexer:9200</host>
-      <host>https://wazuh3.indexer:9200</host>
-    </hosts>
-    <ssl>
-      <certificate_authorities>
-        <ca>/etc/ssl/root-ca.pem</ca>
-      </certificate_authorities>
-      <certificate>/etc/ssl/filebeat.pem</certificate>
-      <key>/etc/ssl/filebeat.key</key>
-    </ssl>
-  </indexer>
-
-  <!-- File integrity monitoring -->
-  <syscheck>
-    <disabled>no</disabled>
-
-    <!-- Frequency that syscheck is executed default every 12 hours -->
-    <frequency>43200</frequency>
-
-    <!-- Generate alert when new file detected -->
-    <alert_new_files>yes</alert_new_files>
-
-    <!-- Don't ignore files that change more than 'frequency' times -->
-    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
-
-    <!-- Directories to check  (perform all possible verifications) -->
-    <directories>/etc,/usr/bin,/usr/sbin</directories>
-    <directories>/bin,/sbin,/boot</directories>
-
-    <!-- Files/directories to ignore -->
-    <ignore>/etc/mtab</ignore>
-    <ignore>/etc/hosts.deny</ignore>
-    <ignore>/etc/mail/statistics</ignore>
-    <ignore>/etc/random-seed</ignore>
-    <ignore>/etc/random.seed</ignore>
-    <ignore>/etc/adjtime</ignore>
-    <ignore>/etc/httpd/logs</ignore>
-    <ignore>/etc/utmpx</ignore>
-    <ignore>/etc/wtmpx</ignore>
-    <ignore>/etc/cups/certs</ignore>
-    <ignore>/etc/dumpdates</ignore>
-    <ignore>/etc/svc/volatile</ignore>
-
-    <!-- File types to ignore -->
-    <ignore type="sregex">.log$|.swp$</ignore>
-
-    <!-- Check the file, but never compute the diff -->
-    <nodiff>/etc/ssl/private.key</nodiff>
-
-    <skip_nfs>yes</skip_nfs>
-    <skip_dev>yes</skip_dev>
-    <skip_proc>yes</skip_proc>
-    <skip_sys>yes</skip_sys>
-
-    <!-- Nice value for Syscheck process -->
-    <process_priority>10</process_priority>
-
-    <!-- Maximum output throughput -->
-    <max_eps>50</max_eps>
-
-    <!-- Database synchronization settings -->
-    <synchronization>
-      <enabled>yes</enabled>
-      <interval>5m</interval>
-      <max_eps>10</max_eps>
-    </synchronization>
-  </syscheck>
-
-  <!-- Active response -->
-  <global>
-    <white_list>127.0.0.1</white_list>
-    <white_list>^localhost.localdomain$</white_list>
-  </global>
-
-  <command>
-    <name>disable-account</name>
-    <executable>disable-account</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>restart-wazuh</name>
-    <executable>restart-wazuh</executable>
-  </command>
-
-  <command>
-    <name>firewall-drop</name>
-    <executable>firewall-drop</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>host-deny</name>
-    <executable>host-deny</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>route-null</name>
-    <executable>route-null</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>win_route-null</name>
-    <executable>route-null.exe</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>netsh</name>
-    <executable>netsh.exe</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <!--
-  <active-response>
-    active-response options here
-  </active-response>
-  -->
-
-  <!-- Log analysis -->
-  <localfile>
-    <log_format>command</log_format>
-    <command>df -P</command>
-    <frequency>360</frequency>
-  </localfile>
-
-  <localfile>
-    <log_format>full_command</log_format>
-    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
-    <alias>netstat listening ports</alias>
-    <frequency>360</frequency>
-  </localfile>
-
-  <localfile>
-    <log_format>full_command</log_format>
-    <command>last -n 20</command>
-    <frequency>360</frequency>
-  </localfile>
-
-  <ruleset>
-    <!-- Default ruleset -->
-    <decoder_dir>ruleset/decoders</decoder_dir>
-    <rule_dir>ruleset/rules</rule_dir>
-    <rule_exclude>0215-policy_rules.xml</rule_exclude>
-    <list>etc/lists/audit-keys</list>
-    <list>etc/lists/amazon/aws-eventnames</list>
-    <list>etc/lists/security-eventchannel</list>
-    <list>etc/lists/malicious-ioc/malicious-ip</list>
-    <list>etc/lists/malicious-ioc/malicious-domains</list>
-    <list>etc/lists/malicious-ioc/malware-hashes</list>
-
-    <!-- User-defined ruleset -->
-    <decoder_dir>etc/decoders</decoder_dir>
-    <rule_dir>etc/rules</rule_dir>
-  </ruleset>
-
-  <!-- Configuration for wazuh-authd -->
-  <auth>
-    <disabled>no</disabled>
-    <port>1515</port>
-    <use_source_ip>no</use_source_ip>
-    <purge>yes</purge>
-    <use_password>no</use_password>
-    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
-    <!-- <ssl_agent_ca></ssl_agent_ca> -->
-    <ssl_verify_host>no</ssl_verify_host>
-    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
-    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
-    <ssl_auto_negotiate>no</ssl_auto_negotiate>
-  </auth>
-
-  <cluster>
-    <name>wazuh</name>
-    <node_name>manager</node_name>
-    <node_type>master</node_type>
-    <key>c98b6ha9b6169zc5f67rae55ae4z5647</key>
-    <port>1516</port>
-    <bind_addr>0.0.0.0</bind_addr>
-    <nodes>
-        <node>wazuh.master</node>
-    </nodes>
-    <hidden>no</hidden>
-    <disabled>no</disabled>
-  </cluster>
-
-</ossec_config>
-
-<ossec_config>
-  <localfile>
-    <log_format>journald</log_format>
-    <location>journald</location>
-  </localfile>
-
-  <localfile>
-    <log_format>audit</log_format>
-    <location>/var/log/audit/audit.log</location>
-  </localfile>
-
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/ossec/logs/active-responses.log</location>
-  </localfile>
-
-</ossec_config>

multi-node/config/wazuh_cluster/wazuh_worker.conf

@@ -1,290 +0,0 @@
-<ossec_config>
-  <global>
-    <agents_disconnection_time>15m</agents_disconnection_time>
-    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
-    <update_check>yes</update_check>
-  </global>
-
-  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
-  <logging>
-    <log_format>plain</log_format>
-  </logging>
-
-  <remote>
-    <connection>secure</connection>
-    <port>1514</port>
-    <protocol>tcp</protocol>
-    <queue_size>131072</queue_size>
-  </remote>
-
-  <!-- Policy monitoring -->
-  <rootcheck>
-    <disabled>no</disabled>
-    <check_dev>yes</check_dev>
-    <check_sys>yes</check_sys>
-    <check_pids>yes</check_pids>
-    <check_ports>yes</check_ports>
-    <check_if>yes</check_if>
-
-    <!-- Frequency that rootcheck is executed - every 12 hours -->
-    <frequency>43200</frequency>
-
-    <skip_nfs>yes</skip_nfs>
-
-    <ignore>/var/lib/containerd</ignore>
-    <ignore>/var/lib/docker/overlay2</ignore>
-  </rootcheck>
-
-  <!-- System inventory -->
-  <wodle name="syscollector">
-    <disabled>no</disabled>
-    <interval>1h</interval>
-    <scan_on_start>yes</scan_on_start>
-    <hardware>yes</hardware>
-    <os>yes</os>
-    <network>yes</network>
-    <packages>yes</packages>
-    <ports all="yes">yes</ports>
-    <processes>yes</processes>
-    <users>yes</users>
-    <groups>yes</groups>
-    <services>yes</services>
-    <browser_extensions>yes</browser_extensions>
-
-    <!-- Database synchronization settings -->
-    <synchronization>
-      <enabled>yes</enabled>
-      <interval>5m</interval>
-      <max_eps>10</max_eps>
-    </synchronization>
-  </wodle>
-
-  <sca>
-    <enabled>yes</enabled>
-    <scan_on_start>yes</scan_on_start>
-    <interval>12h</interval>
-
-    <!-- Database synchronization settings -->
-    <synchronization>
-      <enabled>yes</enabled>
-      <interval>5m</interval>
-      <max_eps>10</max_eps>
-    </synchronization>
-  </sca>
-
-  <vulnerability-detection>
-    <enabled>yes</enabled>
-    <index-status>yes</index-status>
-    <feed-update-interval>60m</feed-update-interval>
-  </vulnerability-detection>
-
-  <indexer>
-    <enabled>yes</enabled>
-    <hosts>
-      <host>https://wazuh1.indexer:9200</host>
-      <host>https://wazuh2.indexer:9200</host>
-      <host>https://wazuh3.indexer:9200</host>
-    </hosts>
-    <ssl>
-      <certificate_authorities>
-        <ca>/etc/ssl/root-ca.pem</ca>
-      </certificate_authorities>
-      <certificate>/etc/ssl/filebeat.pem</certificate>
-      <key>/etc/ssl/filebeat.key</key>
-    </ssl>
-  </indexer>
-
-  <!-- File integrity monitoring -->
-  <syscheck>
-    <disabled>no</disabled>
-
-    <!-- Frequency that syscheck is executed default every 12 hours -->
-    <frequency>43200</frequency>
-
-    <!-- Generate alert when new file detected -->
-    <alert_new_files>yes</alert_new_files>
-
-    <!-- Don't ignore files that change more than 'frequency' times -->
-    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
-
-    <!-- Directories to check  (perform all possible verifications) -->
-    <directories>/etc,/usr/bin,/usr/sbin</directories>
-    <directories>/bin,/sbin,/boot</directories>
-
-    <!-- Files/directories to ignore -->
-    <ignore>/etc/mtab</ignore>
-    <ignore>/etc/hosts.deny</ignore>
-    <ignore>/etc/mail/statistics</ignore>
-    <ignore>/etc/random-seed</ignore>
-    <ignore>/etc/random.seed</ignore>
-    <ignore>/etc/adjtime</ignore>
-    <ignore>/etc/httpd/logs</ignore>
-    <ignore>/etc/utmpx</ignore>
-    <ignore>/etc/wtmpx</ignore>
-    <ignore>/etc/cups/certs</ignore>
-    <ignore>/etc/dumpdates</ignore>
-    <ignore>/etc/svc/volatile</ignore>
-
-    <!-- File types to ignore -->
-    <ignore type="sregex">.log$|.swp$</ignore>
-
-    <!-- Check the file, but never compute the diff -->
-    <nodiff>/etc/ssl/private.key</nodiff>
-
-    <skip_nfs>yes</skip_nfs>
-    <skip_dev>yes</skip_dev>
-    <skip_proc>yes</skip_proc>
-    <skip_sys>yes</skip_sys>
-
-    <!-- Nice value for Syscheck process -->
-    <process_priority>10</process_priority>
-
-    <!-- Maximum output throughput -->
-    <max_eps>50</max_eps>
-
-    <!-- Database synchronization settings -->
-    <synchronization>
-      <enabled>yes</enabled>
-      <interval>5m</interval>
-      <max_eps>10</max_eps>
-    </synchronization>
-  </syscheck>
-
-  <!-- Active response -->
-  <global>
-    <white_list>127.0.0.1</white_list>
-    <white_list>^localhost.localdomain$</white_list>
-  </global>
-
-  <command>
-    <name>disable-account</name>
-    <executable>disable-account</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>restart-wazuh</name>
-    <executable>restart-wazuh</executable>
-  </command>
-
-  <command>
-    <name>firewall-drop</name>
-    <executable>firewall-drop</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>host-deny</name>
-    <executable>host-deny</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>route-null</name>
-    <executable>route-null</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>win_route-null</name>
-    <executable>route-null.exe</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>netsh</name>
-    <executable>netsh.exe</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <!--
-  <active-response>
-    active-response options here
-  </active-response>
-  -->
-
-  <!-- Log analysis -->
-  <localfile>
-    <log_format>command</log_format>
-    <command>df -P</command>
-    <frequency>360</frequency>
-  </localfile>
-
-  <localfile>
-    <log_format>full_command</log_format>
-    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
-    <alias>netstat listening ports</alias>
-    <frequency>360</frequency>
-  </localfile>
-
-  <localfile>
-    <log_format>full_command</log_format>
-    <command>last -n 20</command>
-    <frequency>360</frequency>
-  </localfile>
-
-  <ruleset>
-    <!-- Default ruleset -->
-    <decoder_dir>ruleset/decoders</decoder_dir>
-    <rule_dir>ruleset/rules</rule_dir>
-    <rule_exclude>0215-policy_rules.xml</rule_exclude>
-    <list>etc/lists/audit-keys</list>
-    <list>etc/lists/amazon/aws-eventnames</list>
-    <list>etc/lists/security-eventchannel</list>
-    <list>etc/lists/malicious-ioc/malicious-ip</list>
-    <list>etc/lists/malicious-ioc/malicious-domains</list>
-    <list>etc/lists/malicious-ioc/malware-hashes</list>
-
-    <!-- User-defined ruleset -->
-    <decoder_dir>etc/decoders</decoder_dir>
-    <rule_dir>etc/rules</rule_dir>
-  </ruleset>
-
-  <!-- Configuration for wazuh-authd -->
-  <auth>
-    <disabled>no</disabled>
-    <port>1515</port>
-    <use_source_ip>no</use_source_ip>
-    <purge>yes</purge>
-    <use_password>no</use_password>
-    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
-    <!-- <ssl_agent_ca></ssl_agent_ca> -->
-    <ssl_verify_host>no</ssl_verify_host>
-    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
-    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
-    <ssl_auto_negotiate>no</ssl_auto_negotiate>
-  </auth>
-
-  <cluster>
-    <name>wazuh</name>
-    <node_name>worker01</node_name>
-    <node_type>worker</node_type>
-    <key>c98b6ha9b6169zc5f67rae55ae4z5647</key>
-    <port>1516</port>
-    <bind_addr>0.0.0.0</bind_addr>
-    <nodes>
-        <node>wazuh.master</node>
-    </nodes>
-    <hidden>no</hidden>
-    <disabled>no</disabled>
-  </cluster>
-
-</ossec_config>
-
-<ossec_config>
-  <localfile>
-    <log_format>journald</log_format>
-    <location>journald</location>
-  </localfile>
-
-  <localfile>
-    <log_format>audit</log_format>
-    <location>/var/log/audit/audit.log</location>
-  </localfile>
-
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/ossec/logs/active-responses.log</location>
-  </localfile>
-
-</ossec_config>

multi-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -1,16 +0,0 @@
-server.host: 0.0.0.0
-server.port: 5601
-opensearch.hosts: https://wazuh1.indexer:9200
-opensearch.ssl.verificationMode: certificate
-opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
-opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
-server.ssl.enabled: true
-server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wz-home
-# Session expiration settings
-opensearch_security.cookie.ttl: 900000
-opensearch_security.session.ttl: 900000
-opensearch_security.session.keepalive: true

multi-node/config/wazuh_dashboard/wazuh.yml

@@ -1,7 +0,0 @@
-hosts:
-  - 1513629884013:
-      url: "https://wazuh.master"
-      port: 55000
-      username: wazuh-wui
-      password: "MyS3cr37P450r.*-"
-      run_as: false

multi-node/config/wazuh_indexer/internal_users.yml

@@ -1,56 +0,0 @@
----
-# This is the internal user database
-# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
-
-_meta:
-  type: "internalusers"
-  config_version: 2
-
-# Define your internal users here
-
-## Demo users
-
-admin:
-  hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
-  reserved: true
-  backend_roles:
-  - "admin"
-  description: "Demo admin user"
-
-kibanaserver:
-  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
-  reserved: true
-  description: "Demo kibanaserver user"
-
-kibanaro:
-  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
-  reserved: false
-  backend_roles:
-  - "kibanauser"
-  - "readall"
-  attributes:
-    attribute1: "value1"
-    attribute2: "value2"
-    attribute3: "value3"
-  description: "Demo kibanaro user"
-
-logstash:
-  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
-  reserved: false
-  backend_roles:
-  - "logstash"
-  description: "Demo logstash user"
-
-readall:
-  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
-  reserved: false
-  backend_roles:
-  - "readall"
-  description: "Demo readall user"
-
-snapshotrestore:
-  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
-  reserved: false
-  backend_roles:
-  - "snapshotrestore"
-  description: "Demo snapshotrestore user"

multi-node/config/wazuh_indexer/wazuh1.indexer.yml

@@ -1,37 +0,0 @@
-network.host: wazuh1.indexer
-node.name: wazuh1.indexer
-cluster.initial_cluster_manager_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false

multi-node/config/wazuh_indexer/wazuh2.indexer.yml

@@ -1,37 +0,0 @@
-network.host: wazuh2.indexer
-node.name: wazuh2.indexer
-cluster.initial_cluster_manager_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false

multi-node/config/wazuh_indexer/wazuh3.indexer.yml

@@ -1,37 +0,0 @@
-network.host: wazuh3.indexer
-node.name: wazuh3.indexer
-cluster.initial_cluster_manager_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false

multi-node/docker-compose.yml

@@ -1,7 +1,7 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:5.0.0
+    image: wazuh/wazuh-manager:main
     hostname: wazuh.master
     restart: always
     ulimits:
@@ -16,13 +16,13 @@ services:
       - "514:514/udp"
       - "55000:55000"
     environment:
-      - INDEXER_URL=https://wazuh1.indexer:9200
+      - WAZUH_INDEXER_HOSTS=wazuh1.indexer:9200,wazuh2.indexer:9200,wazuh3.indexer:9200
+      - WAZUH_NODE_NAME=master
+      - WAZUH_NODE_TYPE=master
+      - WAZUH_CLUSTER_BIND_ADDR=0.0.0.0
+      - WAZUH_CLUSTER_NODES=wazuh.master
       - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=full
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-      - SSL_KEY=/etc/ssl/filebeat.key
+      - INDEXER_PASSWORD=admin
       - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
@@ -33,15 +33,11 @@ services:
       - master-wazuh-var-multigroups:/var/ossec/var/multigroups
       - master-wazuh-active-response:/var/ossec/active-response/bin
       - master-wazuh-wodles:/var/ossec/wodles
-      - master-filebeat-etc:/etc/filebeat
-      - master-filebeat-var:/var/lib/filebeat
-      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.master.pem:/etc/ssl/filebeat.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.master-key.pem:/etc/ssl/filebeat.key
-      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
-
+      - ./wazuh-certificates/root-ca.pem:/etc/ssl/root-ca.pem
+      - ./wazuh-certificates/wazuh.master.pem:/etc/ssl/filebeat.pem
+      - ./wazuh-certificates/wazuh.master-key.pem:/etc/ssl/filebeat.key
   wazuh.worker:
-    image: wazuh/wazuh-manager:5.0.0
+    image: wazuh/wazuh-manager:main
     hostname: wazuh.worker
     restart: always
     ulimits:
@@ -52,13 +48,15 @@ services:
         soft: 655360
         hard: 655360
     environment:
-      - INDEXER_URL=https://wazuh1.indexer:9200
+      - WAZUH_INDEXER_HOSTS=wazuh1.indexer:9200,wazuh2.indexer:9200,wazuh3.indexer:9200
+      - WAZUH_NODE_NAME=worker01
+      - WAZUH_NODE_TYPE=worker
+      - WAZUH_CLUSTER_BIND_ADDR=0.0.0.0
+      - WAZUH_CLUSTER_NODES=wazuh.master
       - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=full
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-      - SSL_KEY=/etc/ssl/filebeat.key
+      - INDEXER_PASSWORD=admin
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
       - worker-wazuh-api-configuration:/var/ossec/api/configuration
       - worker-wazuh-etc:/var/ossec/etc
@@ -67,22 +65,26 @@ services:
       - worker-wazuh-var-multigroups:/var/ossec/var/multigroups
       - worker-wazuh-active-response:/var/ossec/active-response/bin
       - worker-wazuh-wodles:/var/ossec/wodles
-      - worker-filebeat-etc:/etc/filebeat
-      - worker-filebeat-var:/var/lib/filebeat
-      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.worker.pem:/etc/ssl/filebeat.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.worker-key.pem:/etc/ssl/filebeat.key
-      - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
+      - ./wazuh-certificates/root-ca.pem:/etc/filebeat/certs/root-ca.pem
+      - ./wazuh-certificates/wazuh.worker.pem:/etc/filebeat/certs/filebeat.pem
+      - ./wazuh-certificates/wazuh.worker-key.pem:/etc/filebeat/certs/filebeat-key.pem
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:5.0.0
+    image: wazuh/wazuh-indexer:main
     hostname: wazuh1.indexer
     restart: always
     ports:
       - "9200:9200"
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
+      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
+      - bootstrap.memory_lock=true
+      - network.host=wazuh1.indexer
+      - node.name=wazuh1.indexer
+      - cluster.initial_cluster_manager_nodes=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
+      - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
+      - node.max_local_storage_nodes=3
+      - plugins.security.allow_default_init_securityindex=true
+      - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US
     ulimits:
       memlock:
         soft: -1
@@ -92,21 +94,26 @@ services:
         hard: 65536
     volumes:
       - wazuh-indexer-data-1:/var/lib/wazuh-indexer
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.key
-      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.pem
-      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
-      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
-      - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
-      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
+      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./wazuh-certificates/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem
+      - ./wazuh-certificates/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem
+      - ./wazuh-certificates/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
+      - ./wazuh-certificates/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:5.0.0
+    image: wazuh/wazuh-indexer:main
     hostname: wazuh2.indexer
     restart: always
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
+      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
+      - bootstrap.memory_lock=true
+      - network.host=wazuh2.indexer
+      - node.name=wazuh2.indexer
+      - cluster.initial_cluster_manager_nodes=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
+      - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
+      - node.max_local_storage_nodes=3
+      - plugins.security.allow_default_init_securityindex=true
+      - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US
     ulimits:
       memlock:
         soft: -1
@@ -116,19 +123,24 @@ services:
         hard: 65536
     volumes:
       - wazuh-indexer-data-2:/var/lib/wazuh-indexer
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.key
-      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.pem
-      - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
-      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
+      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./wazuh-certificates/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem
+      - ./wazuh-certificates/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:5.0.0
+    image: wazuh/wazuh-indexer:main
     hostname: wazuh3.indexer
     restart: always
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
+      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
+      - bootstrap.memory_lock=true
+      - network.host=wazuh3.indexer
+      - node.name=wazuh3.indexer
+      - cluster.initial_cluster_manager_nodes=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
+      - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
+      - node.max_local_storage_nodes=3
+      - plugins.security.allow_default_init_securityindex=true
+      - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US
     ulimits:
       memlock:
         soft: -1
@@ -138,35 +150,36 @@ services:
         hard: 65536
     volumes:
       - wazuh-indexer-data-3:/var/lib/wazuh-indexer
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.key
-      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.pem
-      - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
-      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
+      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./wazuh-certificates/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem
+      - ./wazuh-certificates/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:5.0.0
+    image: wazuh/wazuh-dashboard:main
     hostname: wazuh.dashboard
     restart: always
     ports:
       - 443:5601
     environment:
-      - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
-      - WAZUH_API_URL="https://wazuh.master"
-      - API_USERNAME=wazuh-wui
-      - API_PASSWORD=MyS3cr37P450r.*-
+      - SERVER_PORT=5601
+      - SERVER_HOST=0.0.0.0
+      - OPENSEARCH_HOSTS=["https://wazuh1.indexer:9200","https://wazuh2.indexer:9200","https://wazuh3.indexer:9200"]
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=admin
+      - WAZUH_API_URL=https://wazuh.master
       - DASHBOARD_USERNAME=kibanaserver
       - DASHBOARD_PASSWORD=kibanaserver
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
-      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
-      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+      - ./wazuh-certificates/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/config/certs/wazuh-dashboard.pem
+      - ./wazuh-certificates/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/config/certs/wazuh-dashboard-key.pem
+      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-dashboard/config/certs/root-ca.pem
       - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
       - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on:
       - wazuh1.indexer
+      - wazuh.master
     links:
       - wazuh1.indexer:wazuh1.indexer
       - wazuh.master:wazuh.master
@@ -196,8 +209,6 @@ volumes:
   master-wazuh-var-multigroups:
   master-wazuh-active-response:
   master-wazuh-wodles:
-  master-filebeat-etc:
-  master-filebeat-var:
   worker-wazuh-api-configuration:
   worker-wazuh-etc:
   worker-wazuh-logs:
@@ -205,8 +216,6 @@ volumes:
   worker-wazuh-var-multigroups:
   worker-wazuh-active-response:
   worker-wazuh-wodles:
-  worker-filebeat-etc:
-  worker-filebeat-var:
   wazuh-indexer-data-1:
   wazuh-indexer-data-2:
   wazuh-indexer-data-3:

multi-node/generate-indexer-certs.yml

@@ -1,10 +0,0 @@
-# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-services:
-  generator:
-    image: wazuh/wazuh-certs-generator:0.0.3
-    hostname: wazuh-certs-generator
-    environment:
-      - CERT_TOOL_VERSION=4.14
-    volumes:
-      - ./config/wazuh_indexer_ssl_certs/:/certificates/
-      - ./config/certs.yml:/config/certs.yml

single-node/README.md

@@ -6,16 +6,45 @@ This deployment is defined in the `docker-compose.yml` file with one Wazuh manag
 ```
 $ sysctl -w vm.max_map_count=262144
 ```
-2) Run the certificate creation script:
+
+2) Download the certificate creation script and config.yml file:
 ```
-$ docker compose -f generate-indexer-certs.yml run --rm generator
+$ curl -sO https://packages.wazuh.com/5.0/wazuh-certs-tool.sh
+$ curl -sO https://packages.wazuh.com/5.0/config.yml
 ```
-3) Start the environment with docker compose:
+
+3) Edit the config.yml file with the configuration of the Wazuh components to be deployed
+```
+nodes:
+  # Wazuh indexer server nodes
+  indexer:
+    - name: wazuh.indexer
+      ip: wazuh.indexer
+
+  # Wazuh server nodes
+  # Use node_type only with more than one Wazuh manager
+  server:
+    - name: wazuh.manager
+      ip: wazuh.manager
+
+  # Wazuh dashboard node
+  dashboard:
+    - name: wazuh.dashboard
+      ip: wazuh.dashboard
+```
+
+4) Run the certificate creation script:
+```
+bash ./wazuh-certs-tool.sh -A
+```
+
+5) Start the environment with docker compose:
 
 - In the foregroud:
 ```
 $ docker compose up
 ```
+
 - In the background:
 ```
 $ docker compose up -d

single-node/config/certs.yml

@@ -1,16 +0,0 @@
-nodes:
-  # Wazuh indexer server nodes
-  indexer:
-    - name: wazuh.indexer
-      ip: wazuh.indexer
-
-  # Wazuh server nodes
-  # Use node_type only with more than one Wazuh manager
-  server:
-    - name: wazuh.manager
-      ip: wazuh.manager
-
-  # Wazuh dashboard node
-  dashboard:
-    - name: wazuh.dashboard
-      ip: wazuh.dashboard

single-node/config/wazuh_cluster/entrypoint.sh

@@ -1,85 +0,0 @@
-#!/bin/bash
-set -xe
-
-OSSEC_CONF="ossec.conf"
-
-# --------------------------
-# Defaults based on OSSEC_CONF
-# --------------------------
-if [[ -z "$WAZUH_CLUSTER_KEY" ]]; then
-    WAZUH_CLUSTER_KEY=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<key>\(.*\)<\/key>.*/\1/p' "$OSSEC_CONF" | head -n1)
-fi
-
-if [[ -z "$WAZUH_CLUSTER_PORT" ]]; then
-    WAZUH_CLUSTER_PORT=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<port>\(.*\)<\/port>.*/\1/p' "$OSSEC_CONF" | head -n1)
-fi
-
-# Node type logic
-if [[ -z "$WAZUH_NODE_TYPE" ]]; then
-    if [[ "$HOSTNAME" == "manager" || "$HOSTNAME" == "aio_node" ]]; then
-        WAZUH_NODE_TYPE="master"
-    else
-        WAZUH_NODE_TYPE="worker"
-    fi
-fi
-
-# Default node name → HOSTNAME if not defined
-WAZUH_NODE_NAME="${WAZUH_NODE_NAME:-$HOSTNAME}"
-
-# --------------------------
-# Replace Indexer Hosts
-# --------------------------
-if [[ -n "$WAZUH_INDEXER_HOSTS" ]]; then
-    TMP_HOSTS=$(mktemp)
-    {
-        echo "    <hosts>"
-        for NODE in $WAZUH_INDEXER_HOSTS; do
-            IP="${NODE%:*}"
-            PORT="${NODE#*:}"
-            echo "      <host>https://$IP:$PORT</host>"
-        done
-        echo "    </hosts>"
-    } > "$TMP_HOSTS";
-    sed -i -e '/<indexer>/,/<\/indexer>/{ /<hosts>/,/<\/hosts>/{ /<hosts>/r '"$TMP_HOSTS" \
-            -e 'd }}' "$OSSEC_CONF";
-    rm -f "$TMP_HOSTS";
-fi
-
-# --------------------------
-# Cluster: node_name
-# --------------------------
-sed -i "/<cluster>/,/<\/cluster>/ s|<node_name>.*</node_name>|<node_name>$WAZUH_NODE_NAME</node_name>|" "$OSSEC_CONF"
-
-# --------------------------
-# Cluster: node_type
-# --------------------------
-sed -i "/<cluster>/,/<\/cluster>/ s|<node_type>.*</node_type>|<node_type>$WAZUH_NODE_TYPE</node_type>|" "$OSSEC_CONF"
-
-# --------------------------
-# Cluster: key
-# --------------------------
-sed -i "/<cluster>/,/<\/cluster>/ s|<key>.*</key>|<key>$WAZUH_CLUSTER_KEY</key>|" "$OSSEC_CONF"
-
-# --------------------------
-# Cluster: port
-# --------------------------
-sed -i "/<cluster>/,/<\/cluster>/ s|<port>.*</port>|<port>$WAZUH_CLUSTER_PORT</port>|" "$OSSEC_CONF"
-
-# --------------------------
-# Cluster: nodes list
-# --------------------------
-if [[ -n "$WAZUH_CLUSTER_NODES" ]]; then
-    TMP_NODES=$(mktemp)
-    {
-        echo "    <nodes>"
-        for N in $WAZUH_CLUSTER_NODES; do
-            echo "        <node>$N</node>"
-        done
-        echo "    </nodes>"
-    } > "$TMP_NODES";
-    sed -i -e '/<cluster>/,/<\/cluster>/{ /<nodes>/,/<\/nodes>/{ /<nodes>/r '"$TMP_NODES" \
-            -e 'd }}' "$OSSEC_CONF";
-    rm -f "$TMP_NODES";
-fi
-
-echo "Wazuh manager config modified successfully."

single-node/config/wazuh_cluster/wazuh_manager.conf

@@ -1,288 +0,0 @@
-<ossec_config>
-  <global>
-    <agents_disconnection_time>15m</agents_disconnection_time>
-    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
-    <update_check>yes</update_check>
-  </global>
-
-  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
-  <logging>
-    <log_format>plain</log_format>
-  </logging>
-
-  <remote>
-    <connection>secure</connection>
-    <port>1514</port>
-    <protocol>tcp</protocol>
-    <queue_size>131072</queue_size>
-  </remote>
-
-  <!-- Policy monitoring -->
-  <rootcheck>
-    <disabled>no</disabled>
-    <check_dev>yes</check_dev>
-    <check_sys>yes</check_sys>
-    <check_pids>yes</check_pids>
-    <check_ports>yes</check_ports>
-    <check_if>yes</check_if>
-
-    <!-- Frequency that rootcheck is executed - every 12 hours -->
-    <frequency>43200</frequency>
-
-    <skip_nfs>yes</skip_nfs>
-
-    <ignore>/var/lib/containerd</ignore>
-    <ignore>/var/lib/docker/overlay2</ignore>
-  </rootcheck>
-
-  <!-- System inventory -->
-  <wodle name="syscollector">
-    <disabled>no</disabled>
-    <interval>1h</interval>
-    <scan_on_start>yes</scan_on_start>
-    <hardware>yes</hardware>
-    <os>yes</os>
-    <network>yes</network>
-    <packages>yes</packages>
-    <ports all="yes">yes</ports>
-    <processes>yes</processes>
-    <users>yes</users>
-    <groups>yes</groups>
-    <services>yes</services>
-    <browser_extensions>yes</browser_extensions>
-
-    <!-- Database synchronization settings -->
-    <synchronization>
-      <enabled>yes</enabled>
-      <interval>5m</interval>
-      <max_eps>10</max_eps>
-    </synchronization>
-  </wodle>
-
-  <sca>
-    <enabled>yes</enabled>
-    <scan_on_start>yes</scan_on_start>
-    <interval>12h</interval>
-
-    <!-- Database synchronization settings -->
-    <synchronization>
-      <enabled>yes</enabled>
-      <interval>5m</interval>
-      <max_eps>10</max_eps>
-    </synchronization>
-  </sca>
-
-  <vulnerability-detection>
-    <enabled>yes</enabled>
-    <index-status>yes</index-status>
-    <feed-update-interval>60m</feed-update-interval>
-  </vulnerability-detection>
-
-  <indexer>
-    <enabled>yes</enabled>
-    <hosts>
-      <host>https://wazuh.indexer:9200</host>
-    </hosts>
-    <ssl>
-      <certificate_authorities>
-        <ca>/etc/ssl/root-ca.pem</ca>
-      </certificate_authorities>
-      <certificate>/etc/ssl/filebeat.pem</certificate>
-      <key>/etc/ssl/filebeat.key</key>
-    </ssl>
-  </indexer>
-
-  <!-- File integrity monitoring -->
-  <syscheck>
-    <disabled>no</disabled>
-
-    <!-- Frequency that syscheck is executed default every 12 hours -->
-    <frequency>43200</frequency>
-
-    <!-- Generate alert when new file detected -->
-    <alert_new_files>yes</alert_new_files>
-
-    <!-- Don't ignore files that change more than 'frequency' times -->
-    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
-
-    <!-- Directories to check  (perform all possible verifications) -->
-    <directories>/etc,/usr/bin,/usr/sbin</directories>
-    <directories>/bin,/sbin,/boot</directories>
-
-    <!-- Files/directories to ignore -->
-    <ignore>/etc/mtab</ignore>
-    <ignore>/etc/hosts.deny</ignore>
-    <ignore>/etc/mail/statistics</ignore>
-    <ignore>/etc/random-seed</ignore>
-    <ignore>/etc/random.seed</ignore>
-    <ignore>/etc/adjtime</ignore>
-    <ignore>/etc/httpd/logs</ignore>
-    <ignore>/etc/utmpx</ignore>
-    <ignore>/etc/wtmpx</ignore>
-    <ignore>/etc/cups/certs</ignore>
-    <ignore>/etc/dumpdates</ignore>
-    <ignore>/etc/svc/volatile</ignore>
-
-    <!-- File types to ignore -->
-    <ignore type="sregex">.log$|.swp$</ignore>
-
-    <!-- Check the file, but never compute the diff -->
-    <nodiff>/etc/ssl/private.key</nodiff>
-
-    <skip_nfs>yes</skip_nfs>
-    <skip_dev>yes</skip_dev>
-    <skip_proc>yes</skip_proc>
-    <skip_sys>yes</skip_sys>
-
-    <!-- Nice value for Syscheck process -->
-    <process_priority>10</process_priority>
-
-    <!-- Maximum output throughput -->
-    <max_eps>50</max_eps>
-
-    <!-- Database synchronization settings -->
-    <synchronization>
-      <enabled>yes</enabled>
-      <interval>5m</interval>
-      <max_eps>10</max_eps>
-    </synchronization>
-  </syscheck>
-
-  <!-- Active response -->
-  <global>
-    <white_list>127.0.0.1</white_list>
-    <white_list>^localhost.localdomain$</white_list>
-  </global>
-
-  <command>
-    <name>disable-account</name>
-    <executable>disable-account</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>restart-wazuh</name>
-    <executable>restart-wazuh</executable>
-  </command>
-
-  <command>
-    <name>firewall-drop</name>
-    <executable>firewall-drop</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>host-deny</name>
-    <executable>host-deny</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>route-null</name>
-    <executable>route-null</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>win_route-null</name>
-    <executable>route-null.exe</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>netsh</name>
-    <executable>netsh.exe</executable>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <!--
-  <active-response>
-    active-response options here
-  </active-response>
-  -->
-
-  <!-- Log analysis -->
-  <localfile>
-    <log_format>command</log_format>
-    <command>df -P</command>
-    <frequency>360</frequency>
-  </localfile>
-
-  <localfile>
-    <log_format>full_command</log_format>
-    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
-    <alias>netstat listening ports</alias>
-    <frequency>360</frequency>
-  </localfile>
-
-  <localfile>
-    <log_format>full_command</log_format>
-    <command>last -n 20</command>
-    <frequency>360</frequency>
-  </localfile>
-
-  <ruleset>
-    <!-- Default ruleset -->
-    <decoder_dir>ruleset/decoders</decoder_dir>
-    <rule_dir>ruleset/rules</rule_dir>
-    <rule_exclude>0215-policy_rules.xml</rule_exclude>
-    <list>etc/lists/audit-keys</list>
-    <list>etc/lists/amazon/aws-eventnames</list>
-    <list>etc/lists/security-eventchannel</list>
-    <list>etc/lists/malicious-ioc/malicious-ip</list>
-    <list>etc/lists/malicious-ioc/malicious-domains</list>
-    <list>etc/lists/malicious-ioc/malware-hashes</list>
-
-    <!-- User-defined ruleset -->
-    <decoder_dir>etc/decoders</decoder_dir>
-    <rule_dir>etc/rules</rule_dir>
-  </ruleset>
-
-  <!-- Configuration for wazuh-authd -->
-  <auth>
-    <disabled>no</disabled>
-    <port>1515</port>
-    <use_source_ip>no</use_source_ip>
-    <purge>yes</purge>
-    <use_password>no</use_password>
-    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
-    <!-- <ssl_agent_ca></ssl_agent_ca> -->
-    <ssl_verify_host>no</ssl_verify_host>
-    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
-    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
-    <ssl_auto_negotiate>no</ssl_auto_negotiate>
-  </auth>
-
-  <cluster>
-    <name>wazuh</name>
-    <node_name>node01</node_name>
-    <node_type>master</node_type>
-    <key>aa093264ef885029653eea20dfcf51ae</key>
-    <port>1516</port>
-    <bind_addr>0.0.0.0</bind_addr>
-    <nodes>
-        <node>wazuh.manager</node>
-    </nodes>
-    <hidden>no</hidden>
-    <disabled>yes</disabled>
-  </cluster>
-
-</ossec_config>
-
-<ossec_config>
-  <localfile>
-    <log_format>journald</log_format>
-    <location>journald</location>
-  </localfile>
-
-  <localfile>
-    <log_format>audit</log_format>
-    <location>/var/log/audit/audit.log</location>
-  </localfile>
-
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/ossec/logs/active-responses.log</location>
-  </localfile>
-
-</ossec_config>

single-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -1,16 +0,0 @@
-server.host: 0.0.0.0
-server.port: 5601
-opensearch.hosts: https://wazuh.indexer:9200
-opensearch.ssl.verificationMode: certificate
-opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
-opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
-server.ssl.enabled: true
-server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wz-home
-# Session expiration settings
-opensearch_security.cookie.ttl: 900000
-opensearch_security.session.ttl: 900000
-opensearch_security.session.keepalive: true

single-node/config/wazuh_dashboard/wazuh.yml

@@ -1,7 +0,0 @@
-hosts:
-  - 1513629884013:
-      url: "https://wazuh.manager"
-      port: 55000
-      username: wazuh-wui
-      password: "MyS3cr37P450r.*-"
-      run_as: false

single-node/config/wazuh_indexer/internal_users.yml

@@ -1,56 +0,0 @@
----
-# This is the internal user database
-# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
-
-_meta:
-  type: "internalusers"
-  config_version: 2
-
-# Define your internal users here
-
-## Demo users
-
-admin:
-  hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
-  reserved: true
-  backend_roles:
-  - "admin"
-  description: "Demo admin user"
-
-kibanaserver:
-  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
-  reserved: true
-  description: "Demo kibanaserver user"
-
-kibanaro:
-  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
-  reserved: false
-  backend_roles:
-  - "kibanauser"
-  - "readall"
-  attributes:
-    attribute1: "value1"
-    attribute2: "value2"
-    attribute3: "value3"
-  description: "Demo kibanaro user"
-
-logstash:
-  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
-  reserved: false
-  backend_roles:
-  - "logstash"
-  description: "Demo logstash user"
-
-readall:
-  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
-  reserved: false
-  backend_roles:
-  - "readall"
-  description: "Demo readall user"
-
-snapshotrestore:
-  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
-  reserved: false
-  backend_roles:
-  - "snapshotrestore"
-  description: "Demo snapshotrestore user"

single-node/config/wazuh_indexer/wazuh.indexer.yml

@@ -1,30 +0,0 @@
-network.host: "0.0.0.0"
-node.name: "wazuh.indexer"
-cluster.name: "wazuh-cluster"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-discovery.type: single-node
-http.port: 9200-9299
-transport.tcp.port: 9300-9399
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false

single-node/docker-compose.yml

@@ -1,7 +1,7 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:5.0.0
+    image: wazuh/wazuh-manager:main
     hostname: wazuh.manager
     restart: always
     ulimits:
@@ -17,13 +17,11 @@ services:
       - "514:514/udp"
       - "55000:55000"
     environment:
-      - INDEXER_URL=https://wazuh.indexer:9200
+      - WAZUH_INDEXER_HOSTS=wazuh.indexer:9200
+      - WAZUH_NODE_NAME=manager
+      - WAZUH_CLUSTER_NODES=wazuh.manager
       - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=full
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-      - SSL_KEY=/etc/ssl/filebeat.key
+      - INDEXER_PASSWORD=admin
       - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
@@ -34,21 +32,25 @@ services:
       - wazuh_var_multigroups:/var/ossec/var/multigroups
       - wazuh_active_response:/var/ossec/active-response/bin
       - wazuh_wodles:/var/ossec/wodles
-      - filebeat_etc:/etc/filebeat
-      - filebeat_var:/var/lib/filebeat
-      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
-      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+      - ./wazuh-certificates/root-ca.pem:/etc/filebeat/certs/root-ca.pem
+      - ./wazuh-certificates/wazuh.manager.pem:/etc/filebeat/certs/filebeat.pem
+      - ./wazuh-certificates/wazuh.manager-key.pem:/etc/filebeat/certs/filebeat-key.pem
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:5.0.0
+    image: wazuh/wazuh-indexer:main
     hostname: wazuh.indexer
     restart: always
     ports:
       - "9200:9200"
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
+      - bootstrap.memory_lock=true
+      - network.host=wazuh.indexer
+      - node.name=wazuh.indexer
+      - cluster.initial_cluster_manager_nodes=wazuh.indexer
+      - node.max_local_storage_nodes=1
+      - plugins.security.allow_default_init_securityindex=true
+      - NODES_DN=CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US
     ulimits:
       memlock:
         soft: -1
@@ -58,34 +60,33 @@ services:
         hard: 65536
     volumes:
       - wazuh-indexer-data:/var/lib/wazuh-indexer
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
-      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
-      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
-      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
-      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
-      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
+      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./wazuh-certificates/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem
+      - ./wazuh-certificates/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem
+      - ./wazuh-certificates/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
+      - ./wazuh-certificates/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:5.0.0
+    image: wazuh/wazuh-dashboard:main
     hostname: wazuh.dashboard
     restart: always
     ports:
       - 443:5601
     environment:
+      - SERVER_PORT=5601
+      - SERVER_HOST=0.0.0.0
+      - OPENSEARCH_HOSTS=https://wazuh.indexer:9200
       - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
+      - INDEXER_PASSWORD=admin
       - WAZUH_API_URL=https://wazuh.manager
       - DASHBOARD_USERNAME=kibanaserver
       - DASHBOARD_PASSWORD=kibanaserver
       - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
-      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
-      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+      - ./wazuh-certificates/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/config/certs/dashboard.pem
+      - ./wazuh-certificates/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem
+      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-dashboard/config/certs/root-ca.pem
       - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
       - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on:
@@ -102,8 +103,6 @@ volumes:
   wazuh_var_multigroups:
   wazuh_active_response:
   wazuh_wodles:
-  filebeat_etc:
-  filebeat_var:
   wazuh-indexer-data:
   wazuh-dashboard-config:
   wazuh-dashboard-custom:

single-node/generate-indexer-certs.yml

@@ -1,10 +0,0 @@
-# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-services:
-  generator:
-    image: wazuh/wazuh-certs-generator:0.0.3
-    hostname: wazuh-certs-generator
-    environment:
-      - CERT_TOOL_VERSION=4.14
-    volumes:
-      - ./config/wazuh_indexer_ssl_certs/:/certificates/
-      - ./config/certs.yml:/config/certs.yml